1 reply

The StoredIQ server uses Kerberos to authenticate with the Active Directory LDAP server. If the timestamp of the StoredIQ Data Server is not syncronized with the domains Active Directory server it will not be able to create the volume. Attempting to do so will result in the Kerboros skew error KRB5KRB_AP_ERR_SKEW error being reported in a packet trace. The error can also be generated using the command kinit at a command prompt. The cause for this can be that the date/time value defined for the StoredIQ data server is not synchronized with the date/time of the domains' LDAP server.

Listed below are some symptoms you may experience:

A KRB Error: KRB5KRB_AP_ERR_SKEW error will be reported in a packet trace indicating that the clock skew is too great between the StoredIQ Data Server and the Active Directory server.

When the command kinit is issued at a command prompt it will produce the message: kinit(v5): Clock skew too great while getting initial credentials at the command line.

(Note that the domain in the value must be capitalized).

In order to diagnose the problem issue the command kinit at a command prompt. If the clock skew is acceptable it will return to a command prompt after generating a connectivity ticket. To confirm that a connectivity ticket has been issued invoke the command ls /tmp/krb* at a command prompt. This should indicate the presence of a file in that location.

To resolve the problem select one of the following options to synchronize the time of the StoredIQ Data Server with the Active Directory server:

Configure the StoredIQ server to use an NTP server using the following methods: Select check box and provide NTP server name on the Data Server System Configuration -> System time and date configuration page. To determine a suitable NTP server use the following command from a command line on the Data Server: dig SRV _ntp._tcp. +noall +answer

Use the command 'ntpdate ' from a command prompt on the Data Server to sync the date/time on the Data Server with the NTP server

Modify the system date and time of the StoredIQ Data Server using the Server System Configuration -> System time and date configuration page to synchronize it with the Active Directory server or LDAP server in use in the domain.